Re: [exim] Detecting authentication failures

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] Detecting authentication failures
* on the Mon, Mar 19, 2007 at 11:11:40AM +0000, Dave Evans wrote:

>>> In the general case, you could just modify server_condition so that, as a
>>> side-effect of failing (i.e. when it's about to fail), it uses ${perl or
>>> ${run or something else which does whatever you want it to.
>> i have no server_condition for CRAM and SPA...
>> Can I write it in this cases, too?
> Ah. No, sorry. My authenticators are plaintext (which supports
> server_condition); not sure how you'd do it for other auth types.


Flag whether or not they've attempted authentication by setting an acl
variable in an acl_smtp_auth acl, then check if they've successfully
authenticated in the sender or rcpt acl. Eg:

acl_smtp_auth = acl_check_auth
acl_smtp_mail = acl_check_sender

acl_check_auth:
warn set acl_c0 = auth_attempt

acl_check_sender:

   drop condition      = ${if eq{$acl_c0}{auth_attempt}}
        !authenticated = *
    condition      = ${lookup mysql{INSERT INTO blacklist SET ip_address='$sender_host_address'}{true}{true}}
        message        = You attempted to authenticate, but failed. Bugger off


Note: This is untested, and I've never used acl_smtp_auth so make sure
you read up on it, and test it before putting it live ;)

This probably doesn't afffect you, however I'll mention it anyway... I
support Cram authentication, but only for some accounts. This means,
I have to *always* advertise it in response to the EHLO. In cases where
an account doesn't have Cram and the user is using Thunderbird for
example, Thunderbird will try Cram and fail. It will then try Plain or
Login, and succeed. I wouldn't want to blacklist these people for
failing the first authentication attempt.

Mike